The MembershipProvider.PasswordFormat property indicates the format that passwords are stored in. Passwords can be stored in Clear, Encrypted, and Hashed password formats. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure, as passwords are not easily determined if the data source is compromised. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved.

You can use the MembershipProvider.EncryptPassword(Byte[]) and MembershipProvider.DecryptPassword(Byte[]) virtual methods of the System.Web.Security.MembershipProvider class to encrypt and decrypt password values, or you can supply your own encryption code. If you use the MembershipProvider.EncryptPassword(Byte[]) and MembershipProvider.DecryptPassword(Byte[]) virtual methods of the System.Web.Security.MembershipProvider class, Encrypted passwords are encrypted using the key information supplied in the machineKey element in your configuration.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0